Response to First Office Action 
Docket No. 002.0144.US.UTL 



Amendments to the Claims 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 



Listing of Claims: 

1. (canceled).

2. (currently amended): A system according to Claim [[1]] 4, further comprising:
    a concast [[path]] tree interconnecting the packet validation devices, the tree nodes, and the root tree node via an interconnection reserved for validation rule parameter exchange.

3. (currently amended): A system according to Claim [[1]] 4, further comprising:
    a dissemination path interconnecting the root tree node with each packet validation device via [[a]] an interconnection reserved for validation rule parameter exchange.

4. (currently amended): A system according to Claim 1, further for dynamically configuring parameterized validation rules in a distributed computing environment, comprising:
    a plurality of packet validation devices, each situated within the distributed computing environment at packet routing points and validating packet traffic using parameterized validation rules;
    a plurality of hierarchical tree nodes structured into a plurality of tiered layers with each tree node interfaced to at least one other tree node, those tree nodes at a lowermost layer further interfaced to at least one packet validation device from which validation rule parameters are retrieved and processed;
    a root tree node interfaced to an uppermost layer of tree nodes from which validation rule parameters are retrieved and disseminated to each of the packet validation devices; and
    a filter executed by each tree node on retrieved validation rule parameters to remove at least one of duplicate validation rule parameters and validation rule parameters sharing commonly identified network address space.

5. (currently amended): A system according to Claim [[1]] 4, wherein the validation rule parameters each comprise a source network address and subnet mask, a source network port, a destination network address and subnet mask, a destination network port, and one or more network protocol identifiers.

6. (canceled).

7. (currently amended): A method according to Claim [[6]] 9, further comprising:
    interconnecting a [[path]] tree between the packet validation devices, the tree nodes, and the root tree node via an interconnection reserved for validation rule parameter exchange.

8. (currently amended): A method according to Claim [[6]] 9, further comprising:
    interconnecting a dissemination path between the root tree node and each packet validation device via [[a]] an interconnection reserved for validation rule parameter exchange.

9. (currently amended): A method according to Claim 6, further for dynamically configuring parameterized validation rules in a distributed computing environment, comprising:
    fielding a plurality of packet validation devices, each situated within the distributed computing environment at packet routing points and validating packet traffic using parameterized validation rules;
    interconnecting a plurality of hierarchical tree nodes structured into a plurality of tiered layers with each tree node interfaced to at least one other tree node, those tree nodes at a lowermost layer further interfaced to at least one packet validation device from which validation rule parameters are retrieved and processed;
    interfacing a root tree node to an uppermost layer of tree nodes from which validation rule parameters are retrieved and disseminated to each of the packet validation devices; and
    executing a filter by each tree node on retrieved validation rule parameters to remove at least one of duplicate validation rule parameters and validation rule parameters sharing commonly identified network address space.

10. (currently amended): A method according to Claim [[6]] 9, wherein the validation rule parameters each comprise a source network address and subnet mask, a source network port, a destination network address and subnet mask, a destination network port, and one or more network protocol identifiers.

11. (currently amended): A computer-readable storage medium holding code for performing the method of Claim [[6]] 9.

12. (original): A system for communicating coalesced rule parameters in a distributed computing environment, comprising:
    a plurality of packet validation devices communicatively interposed between network routing points within the distributed computing environment and applying parameterized rules to transiting network packet traffic;
    a plurality of processing tree nodes configured into a concast tree, comprising:
        in a lowermost layer of the concast tree, each processing tree node collecting and coalescing rule parameters from at least one packet validation device; and
        in each successive layer of the concast tree, each processing tree node collecting and coalescing the rule parameters from at least one processing tree node in a next lower layer of the concast tree;
    a control center assembling the coalesced rule parameters from each packet validation device in an uppermost layer of the concast tree; and
    a dissemination path forwarding the coalesced rule parameters from the control center to each packet validation device.

13. (original): A system according to Claim 12, wherein each processing tree node further comprises:
    a parameter filter removing duplicate rule parameters and consolidating commonly identified network address space.

14. (original): A system according to Claim 12, wherein each packet validation device further comprises:
    a rule filter limiting application of the coalesced rule parameters to those network routing points within a pre-determined vicinity.

15. (original): A system according to Claim 12, wherein the dissemination path further comprises:
    the distributed computing environment through which the coalesced rule parameters are broadcast to each packet validation device.

16. (original): A system according to Claim 12, wherein the dissemination path further comprises:
    the concast tree through which the coalesced rule parameters are sent to each packet validation device via the processing tree nodes.

17. (original): A system according to Claim 12, wherein the concast tree further comprises:
    an in-band communication channel logically defined via bandwidth reserved within the distributed computing environment.

18. (original): A system according to Claim 12, wherein the concast tree further comprises:
    an out-of-band communication channel interfacing the packet validation devices, the processing tree nodes, and the control center via interconnections peripheral to the distributed computing environment.

19. (original): A system according to Claim 12, wherein the rule parameters each comprise:
    source packet information describing a source network address and subnet mask;
    source port information describing a source network port;
    destination packet information describing a destination network address and subnet mask;
    destination port information describing a destination network port; and
    network protocol information identifying one or more network protocols.

20. (original): A system according to Claim 12, wherein the distributed computing environment comprises an internet-protocol (IP)-based network.

21. (original): A method for communicating coalesced rule parameters in a distributed computing environment, comprising:
    applying parameterized rules to network packet traffic transiting a plurality of packet validation devices communicatively interposed between network routing points within the distributed computing environment;
    configuring a plurality of processing tree nodes into a concast tree, comprising:
        collecting and coalescing rule parameters from at least one packet validation device into a processing tree node in a lowermost layer of the concast tree; and
        collecting and coalescing the rule parameters from at least one processing tree node in a next lower layer of the concast tree in each successive layer of the concast tree;
    assembling the coalesced rule parameters from each packet validation device in an uppermost layer of the concast tree into a control center and forwarding the assembled coalesced rule parameters to each packet validation device.

22. (original): A method according to Claim 21, further comprising:
    removing duplicate rule parameters and consolidating commonly identified network address space.

23. (original): A method according to Claim 21, further comprising
    limiting application of the coalesced rule parameters to those network routing points within a pre-determined vicinity.

24. (original): A method according to Claim 21, further comprising:
    broadcasting the assembled coalesced rule parameters through the distributed computing environment to each packet validation device.

25. (original): A method according to Claim 21, further comprising:
    sending the assembled coalesced rule parameters to each packet validation device through the concast tree via the processing tree nodes.

26. (original): A method according to Claim 21, further comprising:
    logically defining an in-band communication channel by reserving bandwidth within the distributed computing environment.

27. (original): A method according to Claim 21, wherein the concast tree further comprises:
    interfacing the packet validation devices, the processing tree nodes, and the control center via an out-of-band communication channel using interconnections peripheral to the distributed computing environment.

28. (original): A method according to Claim 21, wherein the rule parameters each comprise:
    source packet information describing a source network address and subnet mask;
    source port information describing a source network port;
    destination packet information describing a destination network address and subnet mask;
    destination port information describing a destination network port; and
    network protocol information identifying one or more network protocols.

29. (original): A method according to Claim 21, wherein the distributed computing environment comprises an internet-protocol (IP)-based network.

30. (original): A computer-readable storage medium holding code for performing the method of Claim 21.